An IE7 Security Vulnerability?

Some people are discussing a recently announced security vulnerability that they claim is found in Internet Explorer 7 on Windows XP SP2 systems.

While it is true that a vulnerability exists, the vulnerability is not actually in any components of IE7, although the attack vector makes it appear that way. Our friends at the MSRC have the issue under investigation and have posted a blog entry with more details on which component is affected and what you should do about it. If you’re curious about this vulnerability, I encourage you to read up about it there.